Changeset 79 for selinux/build/misc.te
- Timestamp:
- Jan 19, 2007, 6:58:44 AM (18 years ago)
- File:
-
- 1 edited
selinux/build/misc.te
r28 r79 1 1 policy_module(misc,1.0.0) 2 2 3 ### AFS ### 4 5 require { 6 type crond_t, kernel_t, sshd_t, user_t, httpd_t; 7 type proc_t; 8 } 9 afs_access(afsd_t); 10 afs_access(crond_t); 11 afs_access(httpd_t); 12 afs_access(kernel_t); 13 afs_access(sshd_t); 14 afs_access(user_t); 15 16 require { 17 type initrc_t; 18 } 19 # init.d script sets up cell files: 20 allow initrc_t afsd_etc_t:file { setattr write }; 21 # permit aklog: 22 allow user_t proc_t:file write; 23 24 ### CRON ### 25 26 require { 27 type crond_t, user_cron_spool_t; 28 type user_t; 29 }; 30 31 ### crond can switch to user_t rather than user_crond_t 32 ### (we have pam_env set SELINUX_ROLE_TYPE to accomplish this) 33 domain_cron_exemption_target(user_t) 34 allow user_t user_cron_spool_t:file entrypoint; 35 allow crond_t user_t:process transition; 36 dontaudit crond_t user_t:process { noatsecure siginh rlimitinh }; 37 allow crond_t user_t:fd use; 38 allow user_t crond_t:fd use; 39 allow user_t crond_t:fifo_file rw_file_perms; 40 allow user_t crond_t:process sigchld; 41 42 ### KRB ### 43 44 require { 45 type sshd_t; 46 }; 47 48 ### sshd GSSAPI authentication 49 kerberos_read_keytab(sshd_t) 50 allow user_t kernel_t:key search; 51 52 ### MAIL ### 53 mta_sendmail_exec(user_t) 54 can_exec(user_t, sendmail_exec_t) 55 56 57 ### HTTPD ### 58 allow httpd_t self:key all_key_perms;
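Review bot: `allow user_t proc_t:file write;` in the AFS section lets every user_t process write to all files carrying the generic proc_t label, although the comment above it says the rule exists only to permit aklog. Assuming the lines numbered 3–58 are the added side (the rendered page has lost its add/remove markers), I would give the /proc entry aklog needs its own type and allow write on that, or at least record the reason, e.g. `# aklog writes <AFS /proc entry>; proc_t is broader than needed`. `allow httpd_t self:key all_key_perms;` at the end has no comment at all; a line such as `# httpd needs its own keyring for <reason>` would tell a reviewer whether the full permission set is really required. `can_exec(user_t, sendmail_exec_t)` also looks redundant next to `mta_sendmail_exec(user_t)` if that interface already grants the same access, which is worth confirming before keeping both.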